Abstract
This chapter discusses vulnerability scanning and host evaluations in relation to the INFOSEC Evaluation Methodology (IEM). This section of the evaluation requires much more thought than perhaps was initially considered. Modern INFOSEC tools simplify the task of gathering the suspected vulnerabilities, but the tools do not replace the evaluator's intellect, ability to reason, knowledge, and experience. The evaluator brings his or her skills, technical and nontechnical experience, and appropriate knowledge base to the evaluation efforts. The chapter starts with a reminder of the phase of the IEM in which vulnerability scanning takes place. Thereafter, it discusses the subject of vulnerability scanning. It introduces the risk triangle to show where vulnerabilities impact an organization's INFOSEC posture and risk profile. The tools section of the chapter lists several vulnerability scanning tools, provides screen captures to familiarize with the various interfaces to the tools, and briefly notes items of interest regarding each tool.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
